AI Accountant: What Machine Learning Actually Does (and Does Not Do) in AP Automation

An AI accountant is not an accountant. Machine learning tools in accounts payable can extract invoice data, suggest account codes, flag anomalies, and surface exceptions for review. What they cannot do is sign a payment, take legal responsibility for an approval decision, or absorb the consequences when something goes wrong. Most content on this topic stops at the first list. The governance question nobody addresses clearly is the second: who is legally accountable when an AI-assisted payment turns out to be fraudulent, incorrect, or unauthorised? The answer, under every current legal framework in Australia, is a human being.

That distinction matters because the gap between what AI does well and what humans must retain is exactly where Australian finance teams are making decisions right now, often without a clear framework for where the line sits.

## What Machine Learning Actually Does in AP Automation

AI in accounts payable is most valuable where the task is repeatable, pattern-based, and high-volume. Three functions stand out.

**Data extraction and structuring.** PDF invoices arrive in dozens of formats. Machine learning models, trained on large volumes of documents, can identify line items, amounts, supplier details, GST treatment, and payment terms without manual re-keying. This is where the technology is most mature and most reliable. The error rates for structured extraction from standard invoice formats are low, and the productivity gains are real.

**Coding suggestions.** Once an invoice is extracted, the system needs to decide how to code each line item. AI approaches this by learning from coding history: if a particular supplier's labour line has been coded to a specific account 47 times, the model will suggest that code again on the 48th invoice. This is not intelligent reasoning. It is pattern matching. It works well for stable, recurring suppliers and breaks down when a new supplier appears, when a line item is ambiguous, or when the historical coding was itself inconsistent.

**Anomaly flagging.** When supplier details change, when an invoice amount sits outside historical norms, or when a potential duplicate arrives, machine learning can surface those signals before the invoice reaches the approval queue. This is arguably where AI adds the most protective value in AP, because these are exactly the moments when payment redirection fraud and business email compromise succeed. The model is not making a judgement call. It is identifying a statistical deviation and routing it for human review.

All three of these functions support human decision-making. None of them replace it.

## The Governance Question No One Is Answering

Here is the tension that sits underneath almost every "AI accountant" conversation: the marketing language has outpaced the legal and governance reality.

Software vendors regularly describe their tools as AI-powered, autonomous, and capable of processing invoices end-to-end. What they rarely explain is what happens when that processing produces an incorrect payment. Who carries the liability?

Under Australian law, the answer is unambiguous. AI systems have no legal personhood. They cannot be held responsible for decisions. The [Department of Industry Science and Resources' legal landscape guidance on AI in Australia](https://www.industry.gov.au/publications/voluntary-ai-safety-standard/legal-landscape-ai-australia) confirms there is no legislative framework that transfers liability from the organisation deploying an AI system to the system itself. Courts consistently assign liability to the organisations and professionals deploying AI, not to the technology. As [Corrs Chambers Westgarth notes in their analysis of AI liability](https://www.corrs.com.au/insights/liability-for-ai-considering-the-risks), responsibility depends on how a decision can be traced back through the decision-making chain to identify fault.

In practical terms, this means a finance team that allows an AI tool to approve and route a payment without human sign-off has not removed accountability from the process. They have just made it harder to explain where the control was.

This is the governance question that no AI accounting content tackles directly: the tool processes the invoice, but a person at your organisation remains legally responsible for the outcome.

## Where Human Approval Authority Is Non-Negotiable

The legal position translates into three specific areas where human approval authority must remain intact, regardless of how capable the AI layer is.

**Payment authorisation.** No AI system should have the authority to initiate or approve a payment without a human reviewing and signing off on the instruction. This is not a technology limitation that will eventually be overcome. It is a governance requirement. Australian businesses are not protected from fraud losses simply because an AI system processed the invoice. If the control was absent, the loss is the business's to absorb. [Payment redirection scams cost Australian businesses AU$152.6 million in 2024](https://www.accc.gov.au/system/files/Targeting%20scams%20-%20report%20of%20the%20ACCC%20on%20scams%20activity%202024.pdf), a 66% increase from the prior year, according to the ACCC's National Anti-Scam Centre. Many of those losses occurred in businesses that had automation in place but lacked the human checkpoint at the point of payment.

**Bank detail change approvals.** When a supplier's bank account details change, no automated system should process that change as routine. This is the single most exploited vector in business email compromise. The AI model sees a supplier name it recognises and processes the invoice. But the bank details on that invoice are different from every previous payment. A Victorian construction company lost AU$900,000 in 2024 when attackers compromised a supplier's email and substituted their own bank details on an otherwise legitimate invoice. The email came from the supplier's genuine address. Visual inspection at scale would not have caught it. A system designed to flag that deviation and halt it for human review would have.

**Threshold-based approval limits.** Delegation of authority frameworks exist for a reason. Different roles within a business have different authorisation limits. An AI system that routes invoices based on amount must be paired with enforced approval workflows that match those limits in real time, not just document them in a policy. Segregation of duties requires that the person processing an invoice is not also the person approving payment. If an automated workflow removes the friction but also removes the control, it has not solved the problem.

## The Scenario Where This Goes Wrong

A financial controller at a Brisbane wholesale distributor adopted an AP automation platform that used AI to process and code invoices, routing them to Xero once matched. The platform flagged exceptions for review, but the exception threshold was set at 15% variance from historical amounts. A supplier invoice arrived with standard amounts but with changed bank details. The AI matched it on amount and coding history. No exception was triggered because the financial control was configured around price variance, not supplier detail changes. The invoice was published to Xero and paid before anyone reviewed the bank detail change. The AU$47,000 payment could not be recovered.

The failure was not the AI. The failure was the configuration of what the AI was asked to check. And behind that configuration decision sat a human being who was accountable for it.

This is the practical implication of the governance question. [AP automation](/ap-automation) that does not include vendor validation as a core control function is not safer automation. It is faster exposure.

## What AI Does Well: The Legitimate Value in AP

Having drawn the line clearly, it is worth being specific about where machine learning genuinely reduces effort and improves outcomes.

**Reducing manual re-keying errors.** [According to global benchmarks from DocuClipper](https://www.docuclipper.com/blog/accounts-payable-statistics/), 39% of invoices processed manually contain errors. Machine learning extraction does not eliminate errors, but it concentrates them in the genuinely ambiguous cases rather than distributing them across all invoices. For a business processing 150 invoices per week, reducing the error rate from 39% to 5% is meaningful.

**Consistent line-item coding.** The knowledge hub data from Pulsify's own customer base is instructive here: before AI-assisted coding, a bookkeeper managing accounts for multiple clients might code the same supplier's freight line to three different accounts across three clients, because there is no enforced rule and the decision is made fresh each time. After AI-assisted coding, the suggestion is drawn from supplier history, and the coding is consistent unless there is a specific reason to override it. This matters at month-end, when inconsistent coding creates reconciliation work and distorts reporting.

**Exception surfacing before the ledger.** The most productive use of AI in AP is to separate the invoices that need attention from those that do not. A finance team that reviews every invoice is spending most of its time reviewing invoices that are routine and correct. AI can handle the routine cases and concentrate human attention on the exceptions: the duplicate, the price mismatch, the changed bank detail, the new supplier without a verified ABN. For a business that went from 4 hours per week coding 50 invoices to 15 minutes reviewing flagged exceptions, the time saving is real. But the 15 minutes of human review is not optional. It is the control.

**Duplicate detection before publication.** Duplicate invoices are a persistent problem in AP, particularly for businesses receiving invoices from multiple channels: email, PDF attachment, supplier portal, job management system. AI can compare incoming invoices against invoice history and flag potential duplicates before they reach the ledger. This is a control function, not just a productivity function. Paying a supplier twice is a recoverable error. Paying a fraudulent duplicate is sometimes not.

## The 50% Problem: AI-Generated Fraud

Around [50% of business email compromise emails are now AI-generated](https://www.pulsify.com.au), according to figures cited in security industry research. This creates an uncomfortable symmetry: the same technology being adopted to speed up AP processing is also being used to make fraudulent invoices more convincing.

An AI-generated fraudulent invoice is formatted correctly, addresses the right contact, references the right project or supplier relationship, and is grammatically indistinguishable from a legitimate document. A finance team relying on visual inspection to catch fraud is working against increasingly sophisticated tools.

The implication is that AI adoption in AP does not reduce fraud risk by default. Without a structured [validation layer](/validation-exception-review) that checks supplier details against historical behaviour before an invoice is approved and published to the accounting system, a faster AP process is also a faster fraud pathway. Pulsify's approach to this is to compare incoming supplier details, including bank account information, against historical patterns and flag any deviation for human review before the invoice reaches Xero or MYOB. The human review is not an afterthought. It is the control mechanism that makes the automation safe to run.

## What "AI Accountant" Tools Actually Cannot Do

For clarity, here is the list of things that fall outside what AI in AP can legitimately do, regardless of how the vendor describes the product.

- **Take legal responsibility for a payment.** No AI system can be sued, prosecuted, or held professionally liable under Australian law. The person or organisation that deployed the tool retains all accountability.

- **Exercise judgment on genuinely novel situations.** AI coding suggestions work on historical patterns. A new supplier, an unusual invoice structure, or a transaction that sits outside the historical range requires a human decision.

- **Verify the real-world legitimacy of a supplier.** AI can check whether an ABN is correctly formatted. It cannot verify whether the business associated with that ABN is legitimate, whether the goods were actually delivered, or whether a contract was entered into in good faith.

- **Approve exceptions.** Exception handling exists precisely for situations where the automated logic cannot produce a confident answer. Routing those exceptions back through AI rather than to a qualified human defeats the purpose of the exception system.

- **Sign a bank transfer.** This one should not need stating, but it is worth stating: no AI tool should have authority to initiate a payment without a human authoriser completing the approval step.

This is not a critique of AI in accounting. It is a description of what the technology is. The tools that describe themselves as autonomous AP systems are making a claim that does not hold up under either technical or legal scrutiny.

## Configuring AI Controls Correctly

The difference between AI that reduces risk and AI that compounds it often comes down to configuration decisions made at setup.

**Exception thresholds must cover supplier detail changes, not just amount variances.** A threshold set at 15% variance on invoice amount will not catch a payment redirection fraud where the amount is correct. The validation layer needs to check bank account details, supplier name formats, ABN, and GST registration status, not just price.

**Approval workflows must reflect your actual delegation of authority.** If your business requires two approvers for invoices above AU$10,000, the automated routing must enforce that in the workflow, not just document it in a policy. Approval workflows that are configurable but not enforced are not controls. They are suggestions.

**Audit trail must be complete.** For every invoice processed, the system should record what the AI recommended, what a human reviewed, and who authorised the payment. An audit trail that only records the final approval does not satisfy the segregation of duties requirement and does not support post-incident investigation.

**Human review of exceptions must be prompt.** An exception queue that sits unreviewed for three days because the person responsible is busy defeats the purpose of real-time flagging. The control is not just the flag. It is the review that follows it.

These configuration decisions are where the governance question lands in practice. The technology can surface the right information. The organisation has to build the process that responds to it.

## The Counterargument: Isn't AI Getting More Capable?

The obvious counterargument to this position is that AI capabilities are improving rapidly, and the governance line between human and machine will shift over time.

That is partly true. Extraction accuracy will improve. Coding suggestions will become more reliable. Anomaly detection will become more nuanced. There is genuine progress happening, and it will reduce the volume of exceptions that require human review.

What is unlikely to change is the legal and ethical framework in Australia that requires a human to bear responsibility for financial decisions. Even in a future where AI accuracy approaches 99.9%, the 0.1% that goes wrong will create losses. Those losses will need an accountable party. Under Australian Consumer Law and existing contractual frameworks, that party will be the organisation that deployed the tool, not the tool itself.

The governance principle does not weaken as the technology improves. If anything, as AI handles more of the routine processing, the remaining human checkpoints become more important, not less. The exceptions that reach a human reviewer in a highly automated system are the hard ones, the genuinely ambiguous cases that require judgement. That is not a role that is being automated away. It is a role that is being elevated.

[According to Karbon's State of AI in Accounting research](https://karbonhq.com/resources/state-of-ai-accounting-report-2025/), 62% of accounting professionals believe AI could replace specific tasks, but only 10% think it could replace full roles. That is a reasonable reading of where the technology actually is. The specific tasks being automated are data entry, coding, and matching. The roles requiring judgement, oversight, and accountability are not.

## Practical Implications for Australian Finance Teams

If you are evaluating AI in your AP process, or if you already use it and are reviewing your controls, the practical takeaways from this analysis are:

1. Map your current approval workflows and identify every point where a human is currently in the loop. Automation should maintain those control points, not remove them.

2. Review what your exception thresholds are configured to catch. If they only flag amount variances, add supplier detail change detection.

3. Confirm your audit trail records AI recommendations separately from human approvals. You need to be able to reconstruct what happened at each step.

4. Check whether your delegation of authority policy is enforced in your workflow software or just documented. A policy in a PDF is not a control.

5. Train anyone processing invoices on what AI-generated fraud looks like. Faster processing is safer only when the human review that remains is a genuine checkpoint, not a rubber stamp.

Pulsify is built around this principle. The AI layer handles extraction, coding, and anomaly detection. The [validation and exception review](/validation-exception-review) process ensures that anything flagged reaches a human reviewer before it publishes to Xero or MYOB. The automation is designed to concentrate human attention where it matters, not to remove it.

---

## Frequently Asked Questions

**What does an AI accountant actually do in accounts payable?**

In AP, AI tools handle data extraction from invoices, coding suggestions based on supplier history, duplicate detection, and anomaly flagging. These functions reduce manual effort on routine, repeatable tasks. What AI does not do is make approval decisions, take legal responsibility for payments, or verify the real-world legitimacy of a supplier or transaction.

**Can AI be held legally responsible for an incorrect or fraudulent payment in Australia?**

No. Under Australian law, AI systems have no legal personhood and cannot bear liability. Organisations that deploy AI tools retain full responsibility for the outcomes of those tools. Courts and regulators attribute liability to the organisation or professional who deployed the system, based on how their configuration and oversight decisions contributed to the failure.

**How does AI in AP automation affect fraud risk?**

AI can reduce fraud risk when it includes a validation layer that flags supplier detail changes, including bank account number changes, before an invoice is approved. Without that layer, AI-accelerated processing can increase exposure by moving fraudulent invoices through the system faster than manual review would have. Around 50% of business email compromise emails are now AI-generated, making visual detection by finance staff increasingly unreliable.

**Where does human approval authority remain non-negotiable in an automated AP workflow?**

Three areas require human authorisation regardless of how capable the AI layer is: payment initiation and approval, bank detail changes on existing supplier records, and any invoice that triggers an exception flag. Segregation of duties also requires that the person processing invoices is not the same person authorising payment. Automation should enforce these controls, not bypass them.

**What is the difference between AI coding suggestions and actual account coding decisions?**

AI coding suggestions are pattern-matched recommendations based on how similar invoices from the same supplier have been coded historically. They are suggestions, not decisions. A human must review and confirm the coding, particularly for new suppliers, ambiguous line items, or invoices where the historical coding was inconsistent. The coding decision carries tax and reporting implications, including GST treatment, that require a qualified human to confirm.

**Should small businesses be concerned about AI governance in AP if they only process a small number of invoices?**

Yes. The fraud risk does not scale down proportionally with invoice volume. A business processing 20 invoices per month is still a target for payment redirection scams, and a single successful fraud at that scale can be proportionally more damaging. The governance principles around bank detail verification, approval limits, and audit trail apply regardless of volume. The question is whether the tool you are using enforces those controls or leaves them to manual judgement.

---

## Related Guides

Cluster articles on this topic have not yet been published. The following related guides from the Pulsify content library cover adjacent topics that inform the AI governance discussion:

- [Expense Management Software: Where PO Matching Breaks in Real Construction Environments](/blog/expense-management-systems)

As the content library grows, additional cluster articles will be linked here covering AI exception handling, vendor validation configuration, and delegation of authority frameworks for automated AP workflows.

---